by Austin Ralls | Jan 27, 2021 | CarveFacts, Cloud, News
Is your website hosted behind a CDN? Could an attacker brute force or guess your website’s origin URL? Are your origin servers hardened against DDoS threats? A common website configuration consists of hosting your applications with infrastructure...
by Mike Zusman | Dec 28, 2020 | Cloud, Digital Transformation, IOT, Mobile, News, Techniques, Web
Carve COO Max Sobell presenting on “Shifting Security Left” at Giphy HQ. Many a CTO and VP of Engineering has begrudgingly spent money on penetration tests in order to make their enterprise customers or auditors happy. You know how it goes: your team...
by Mike Zusman | May 13, 2020 | Cloud, Digital Transformation, Featured, News
Application Security, or AppSec, is a race between your business and bad actors. Whether you realize it or not, people and bots are constantly attacking and probing your Internet-facing and cloud hosted applications. In fact, it’s not uncommon to hear of...
by Brad Dixon | Apr 3, 2020 | Cloud, Digital Transformation, Featured, News
Zoom has had a tough week. While usage has been setting new records they have had to cope with a slew of security gaffes that have received lots of media attention. Concern over some of these issues is justified. However, Zoom seems to be getting more than its fair...
by Mike Zusman | Apr 3, 2020 | Cloud, Digital Transformation, Featured, News, Strategy
Hiring your first appsec engineer is a high-risk endeavor. Many organizations reach the conclusion they need to hire an appsec engineer after accumulating years – if not decades – of application security debt. Hiring an appsec engineer can be a long...
by Meador Inge | Feb 18, 2020 | Cloud, Featured, News, Techniques, Tools, Web
Introduction At Carve we perform at a lot of web application security assessments. Once we (1) find a vulnerability, we (2) confirm that it’s reproducible, write a proof of concept (PoC) exploit for the vulnerability to determine the impact, and then (3) focus...
